Thread: Re: [Phplib-users] Ruminations on the Situation
From: Bob B. <bo...@iN...> - 2002-06-30 18:28:22
Gian -- Don't be so defensive ...! As I said, I appreciate the work EVERYONE has done on phpLib, and that certainly includes you.

My point was not personal - it was rather directed at the situation as it now exists, where anyone (it seems) can re-invent basic parts of the library, name it after themselves, and post it in the CVS - without review by anyone as to its compliance with the rest of the code, its suitability to purpose, its stability, or even its concurrence with any "master plan". This now happens because, sadly, no one is running the show anymore.

Your auth scheme is quite possibly the way to go ... but has anyone (as KK et al used to do in the "old days") actually spelled out what the "way to go" really is? Has anyone thought through the near- and long-term goals ...? You've patched the library for yourself and published the work ... the very fact that you can fork the library and name it after yourself and PUBLISH THE WORK WITHIN THE PHPLIB CVS - that's what is very sad to me ...

Please don't miss the point, Gian - your code may be what everyone wants in the library, it may be tight, and right ... but self-publishing within the boundaries of an existing project, IMHO, is not the way to go. Put the patches on your own web site, and submit them to the CVS for consideration for inclusion in the next release, yes ... the fact that you didn't (or couldn't, or wouldn't) do it this way is a telling symptom of the issue that I called "sad" in the first place.

Bob.

At 11:04 PM 6/29/2002 +0200, you wrote:
>I have to reply, and I am frank.
>
>I have recently resigned my 'write access' as a phplib core developer, so I cannot be accused of imposing anything.
>So there is NO anarchy.
>
>I have been following and contributed to phplib since version 4 or 5, and please note that the actual structure of the session->start method has been my idea, I let you imagine how comprehensible it was before. That made extending to php4 session pretty easy.
>
>Now I have devised a similar rationalization of $auth->start, which is an example doc of spaghetti code. That nobody can maintain.
>
>It will make auth a more manageable class, in line with modern nuke type needs
>it is a drop replacement, backwards compatible.
>
>For the rest there's nothing than better security, because these things evolve quick, can you imagine? and there are constantly lots of new threats. A library whose core functions are session and authentication cannot be static. Sorry.
>
>But it is nothing that should worry those who are not interested. And those who are interested should document and participate, please.
>And if really nobody is interested then it means all this doesn't mind.
>
>So my choice should clearly let you understand that I am on the user side, if not ours.
>
>Gian
>
>
> Bob Bowker <bo...@iN...> wrote on 29/6/02 11:08:
>
> >It's sad to see what used to be a very stable, usable library descend into chaos, confusion and anarchy ... people heading off in their own directions, claiming the umbrella of phpLib but naming their rewrites after themselves, all with seemingly no coordination or direction or vision whatsoever. No wonder the need for PEAR was so immediately obvious to so many people - not that PEAR was the best choice (in many ways worse than phpLib), but I really do understand why the core PHP developers decided on something other than phpLib.
> >
> >The CVS is in such a mess that someone has to write a how-to and post it on a personal web site! Then Giancarlo writes and releases several scripts (Nathan - did I miss the announcement that he is now a new "committee of 1" determining the philosophy
>
>I made you aware of facts you ignored.
>
> >and direction of the project?) and there goes Donncha's roadmap again ...
> >
> >Giancarlo, before you immediately flame me, I appreciate and admire your work - and this is nowhere near "personal". I just don't think your unilateral actions
>
>Actions?
>
> >have a place in the overall scheme of things. We desperately need someone, or a group of "someones", who will coordinate this project.
> >
> >I say this knowing full well that the immediate response is "Why don't you do it, Bob?" and that my answer is the same as everyone else's - "I don't have the time" ... which, I suppose, in many people's minds, removes my right to complain. But that's why the subject is "Ruminations" and not "Problems" ...
> >
> >KK has moved on to other projects, but his hand on the tiller and his vision are sorely missed, imho. We've been using phpLib in our work here for almost 4 years now, and in spite of the lack of "official" progress and register_globals and PHP4 and all the meanderings of this past 18 months or so, we still rely on the library -- but on our own very highly modified version of 7.2 -- on every site we do ... regardless of the installation, regardless of the OS, and regardless of all the latest and greatest MyCodeIsBetter streams that are cropping up.
> >
> >A lot of people have spent long hours on this library,
>
>I have been one of them.
>
> >and for their code (as well as the learning experience that they've provided me), I'm very grateful. But my company can't afford to base our work on something that is no longer predictably (please note that I said "predictably") reliable ...
>
>Security is an evolving process.
>
> >Above all, after all, and with personal appreciation -- thanks, KK ...
> >
> >Bob.
From: Giancarlo <gia...@na...> - 2002-06-30 19:26:59
At 20:28 on Sunday 30 June 2002, Bob Bowker wrote:
> the very fact that you can fork the library and name it after yourself and
> PUBLISH THE WORK WITHIN THE PHPLIB CVS - that's what is very sad to me ...

Maybe I have not been clear.
I CANNOT PUBLISH THE WORK WITHIN THE PHPLIB CVS
because I resigned spontaneously my 'write access' a few days ago, because there does not exist a discussion on anything and I don't want that.

So, please, don't insist on that.

Gian

>
> Please don't miss the point, Gian - your code may be what everyone wants in the library, it may be tight, and right ... but self-publishing within the boundaries of an existing project, IMHO, is not the way to go. Put the patches on your own web site, and submit them to the CVS for consideration for inclusion in the next release, yes ... the fact that you didn't (or couldn't, or wouldn't) do it this way is a telling symptom of the issue that I called "sad" in the first place.
>
> Bob.
>
> At 11:04 PM 6/29/2002 +0200, you wrote:
> >I have to reply, and I am frank.
> >
> >I have recently resigned my 'write access' as a phplib core developer, so I cannot be accused of imposing anything.
> >So there is NO anarchy.
> >
> >I have been following and contributed to phplib since version 4 or 5, and please note that the actual structure of the session->start method has been my idea, I let you imagine how comprehensible it was before. That made extending to php4 session pretty easy.
> >
> >Now I have devised a similar rationalization of $auth->start, which is an example doc of spaghetti code. That nobody can maintain.
> >
> >It will make auth a more manageable class, in line with modern nuke type needs
> >it is a drop replacement, backwards compatible.
> >
> >For the rest there's nothing than better security, because these things evolve quick, can you imagine? and there are constantly lots of new threats. A library whose core functions are session and authentication cannot be static. Sorry.
> >
> >But it is nothing that should worry those who are not interested. And those who are interested should document and participate, please.
> >And if really nobody is interested then it means all this doesn't mind.
> >
> >So my choice should clearly let you understand that I am on the user side, if not ours.
> >
> >Gian
> >
> > Bob Bowker <bo...@iN...> wrote on 29/6/02 11:08:
> > >It's sad to see what used to be a very stable, usable library descend into chaos, confusion and anarchy ... people heading off in their own directions, claiming the umbrella of phpLib but naming their rewrites after themselves, all with seemingly no coordination or direction or vision whatsoever. No wonder the need for PEAR was so immediately obvious to so many people - not that PEAR was the best choice (in many ways worse than phpLib), but I really do understand why the core PHP developers decided on something other than phpLib.
> > >
> > >The CVS is in such a mess that someone has to write a how-to and post it on a personal web site! Then Giancarlo writes and releases several scripts (Nathan - did I miss the announcement that he is now a new "committee of 1" determining the philosophy
> >
> >I made you aware of facts you ignored.
> >
> > >and direction of the project?) and there goes Donncha's roadmap again ...
> > >
> > >Giancarlo, before you immediately flame me, I appreciate and admire your work - and this is nowhere near "personal". I just don't think your unilateral actions
> >
> >Actions?
> >
> > >have a place in the overall scheme of things. We desperately need someone, or a group of "someones", who will coordinate this project.
> > >
> > >I say this knowing full well that the immediate response is "Why don't you do it, Bob?" and that my answer is the same as everyone else's - "I don't have the time" ... which, I suppose, in many people's minds, removes my right to complain. But that's why the subject is "Ruminations" and not "Problems" ...
> > >
> > >KK has moved on to other projects, but his hand on the tiller and his vision are sorely missed, imho. We've been using phpLib in our work here for almost 4 years now, and in spite of the lack of "official" progress and register_globals and PHP4 and all the meanderings of this past 18 months or so, we still rely on the library -- but on our own very highly modified version of 7.2 -- on every site we do ... regardless of the installation, regardless of the OS, and regardless of all the latest and greatest MyCodeIsBetter streams that are cropping up.
> > >
> > >A lot of people have spent long hours on this library,
> >
> >I have been one of them.
> >
> > >and for their code (as well as the learning experience that they've provided me), I'm very grateful. But my company can't afford to base our work on something that is no longer predictably (please note that I said "predictably") reliable ...
> >
> >Security is an evolving process.
> >
> > >Above all, after all, and with personal appreciation -- thanks, KK ...
> > >
> > >Bob.